All advisories

Build cache credentials are reflected in administration screens

Affected product(s)

Gradle Enterprise < 2018.5.2
Gradle Enterprise Build Cache Node < 5.2

Severity

High

Published at

2019-04-22

Related CVE ID(s)

CVE-2019-11403

Description

The cache node administration page available via Gradle Enterprise, and individual Build Cache Node servers, reflects the credentials used by users to access the cache via the HTTP interface.

Mitigation

Upgrade to Gradle Enterprise 2020.5.2 and/or Build Cache Node 5.2.